buildFhsUserenv: don't leak mounts to other processes

If run as root we were leaking mounts to the parent namespace,
which lead to an error when removing the temporary mountroot.
To fix this we remount the whole tree as private as soon as we created
the new mountenamespace.

1 files changed, 3 insertions, 1 deletions

diff --git a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
index a438b80e182..27e70e3fe5c 100644
--- a/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
+++ b/pkgs/build-support/build-fhs-userenv/chrootenv/chrootenv.c
@@ -43,7 +43,6 @@ const gchar *create_tmpdir() {
 void pivot_host(const gchar *guest) {
   g_autofree gchar *point = g_build_filename(guest, "host", NULL);
   fail_if(g_mkdir(point, 0755));
-  fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0));
   fail_if(pivot_root(guest, point));
 }
 
@@ -122,6 +121,9 @@ int main(gint argc, gchar **argv) {
       fail("unshare", unshare_errno);
     }
 
+    // hide all mounts we do from the parent
+    fail_if(mount(0, "/", 0, MS_PRIVATE | MS_REC, 0));
+
     if (uid != 0) {
       spit("/proc/self/setgroups", "deny");
       spit("/proc/self/uid_map", "%d %d 1", uid, uid);